Excerpt from:  FAS Talk
March 23, 2009

The Danger of Strong Passwords that are Easy-to-remember

When it comes to sound password security, easy-to-remember is not so easy-to-accomplish.
As soon as you start using different passwords on different sites, it quickly becomes impossible for you to remember all your passwords anyway, making the goal of memorable passwords less important.

I just read Damien Oh's blog post, How To Create Strong Passwords That You Can Remember Easily.  The post makes some excellent points, but in my opinion, the task of achieving comprehensive password security in the real world is a little thornier.

First, consistently applying simple substitution rules, as suggested, to make passwords memorable is almost no better than applying no substitutions at all.  As others have pointed out, any serious cracking attempt will run through these simple substitution rules quickly.

But there is an even more fundamental issue.  With so many sites asking for passwords, the first question to ask yourself is, "Should I use the same password in multiple places?"  E.g., should your Gmail account use the same password as your New York Times subscription, your brokerage accounts, your Windows login, your Twitter account, and your kid's school lunch money account?  IMO, the answer is no.  By using different passwords on different sites, you create natural firewalls: a breach at one site does not hand the attacker your other accounts.

But, as soon as you start using different passwords on different sites, it quickly becomes impossible for you to remember all your passwords anyway, making the goal of memorable passwords less important.

The approach I recommend is to keep a "black book" and create genuinely strong passwords.  You may or may not elect to use a software password manager (if you do, use a secure one!) but it is critical that you keep a physical record of each password. I do use a software password manager, but I also keep a physical record of all passwords in a little black book--literally.

Password Management Tips

Here are a few tips that can save you from common password management headaches.

Easy-to-read passwords: When you record passwords in your black book, make sure you can read them.  This may sound silly, but believe me, it's easy to mistake a hand-written zero for a letter 'o', an upper case 'W' for a lower case 'w', etc.  When writing down passwords:

  • Put an underline under capital letters.
  • Draw a slash through the digit zero.
  • Draw a dash through the letter 'z'.
  • Mark a space as a square bracket turned on its side, opening upwards.

Easy-to-type passwords: While your passwords may not be easy to remember, there are tricks you can use to make them easy to type.  For example, this password is difficult to type: Tift#1doS!  But if you know that it is based on the phrase "Today is finally the number one day of Spring!" it becomes much easier to type.  For passwords I will use frequently, I try to base them on some type of phrase that makes them easier to type (and I record that phrase in my black book).

Critical passwords:  When security is vital—e.g., bank accounts, credit card access, etc.—use a genuinely strong password with no gimmicks.  You'll have to put up with typing the complex password from time to time without the help of memory aids, but a would-be hacker will face a significant challenge.  You can make up your own strong passwords, but I find it easier to use a password generator.  There are many good, free password generators online.  See the links below for two that I regularly use.
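As an added illustration (not code from the original post or from any of the generators it links to), here is what a "genuinely strong password with no gimmicks" looks like when generated from the operating system's random source, with the look-alike characters from the black-book tip left out; the alphabet and the set of ambiguous characters are my own choices.

```python
"""Cryptographically secure password generator (added example).

Each character is drawn independently from the OS random source, so the
strength is simply length * log2(alphabet size) bits, with no substitution
rules or phrases for a cracker to guess.
"""
import math
import secrets
import string

# Characters that are easy to confuse when hand-written in a "black book":
# zero vs. letter o, one vs. lowercase L vs. capital I, pipe vs. lowercase L.
# (Assumed set, chosen for this example.)
AMBIGUOUS = set("0O1lI|")


def build_alphabet(drop_ambiguous: bool = True) -> str:
    """Letters, digits and punctuation, optionally minus the look-alikes."""
    chars = string.ascii_letters + string.digits + string.punctuation
    if drop_ambiguous:
        chars = "".join(c for c in chars if c not in AMBIGUOUS)
    return chars


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def length_for_bits(target_bits: float, alphabet_size: int) -> int:
    """Smallest length whose uniformly random entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(length: int = 16, drop_ambiguous: bool = True) -> str:
    """Use secrets.choice (CSPRNG), never random.choice, which is predictable."""
    alphabet = build_alphabet(drop_ambiguous)
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    alpha = build_alphabet()
    pw = generate_password(16)
    print(pw, f"({entropy_bits(len(pw), len(alpha)):.1f} bits)")
    # A substituted dictionary word is one entry from a word list times a
    # handful of rules; a few extra random characters beat that easily.
    print("characters needed for 80 bits:", length_for_bits(80, len(alpha)))
```

Dropping the six ambiguous characters costs only about 0.1 bits per character, so one extra character more than makes up for it.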

What are your favorite password security tips or suggestions?  Have any interesting password related success or failure stories to share?  Post a comment below.

Comments

Beef up those root passwords!

For those of you that run servers (or even your own workstations or laptops), make sure your administrative logins have strong passwords.

I just ran across this article that describes how researchers have discovered (and documented) a way to inject nefarious code into a computer in such a way that:

  • avoids anti-virus detection
  • does not rely on a vulnerability exploit
  • survives hard disk formatting (or even replacement)

All an attacker needs to accomplish this is root access to the machine... that is, your administrative account password.

So, make sure your machine passwords are strong!
